Hackers Exploit .arpa Domain and IPv6 Reverse DNS for Phishing

Threat actors are exploiting the special-use .arpa domain and IPv6 reverse DNS in phishing campaigns to bypass domain reputation checks and evade email security gateways. The abuse of these technical protocols allows attackers to obscure malicious activity, making detection harder for traditional security defenses. No specific threat groups, dates, or CVE identifiers were mentioned in the reported activity. The technique leverages legitimate infrastructure components to enhance phishing effectiveness. The impact includes reduced efficacy of domain-based filtering and increased risk of successful credential theft or malware delivery.